Forum Discussion
JD_Tomzak
Cirrus
CirrusIrule advice?
Hello, I'm seeking advice on using an Irule to drop a connection when a certain condition is met in the URI. fid= followed by non numeric charectors. fid=1234 would pass. fid=13d4 would drop. Thanks...
when HTTP_REQUEST { if { [string tolower [HTTP::query]] contains "fld" } { if { ![string is digit [URI::query [HTTP::uri] "fld"]] } { log local0. "invalid fld value, rejecting from [IP::client_addr]" reject } } }The following accounts for a POST request where the payload is URL encoded or XML:
when HTTP_REQUEST { if { [HTTP::method] eq "POST" } { ## Trigger collection for up to 1MB of data if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576 }{ set content_length [HTTP::header "Content-Length"] } else { set content_length 1048576 } ## Check if $content_length is not set to 0 if { $content_length > 0 } { HTTP::collect $content_length } } } when HTTP_REQUEST_DATA { set fld "" if { [HTTP::payload] contains "fld=" } { foreach x [split [HTTP::payload] "&"] { if { $x starts_with "fld=" } { set fld [lindex [split $x "="] 1] continue } } } elseif { [HTTP::payload] contains "<fld>" } { set fld [findstr [HTTP::payload] "<fld>" 5 "</fld>"] } if { $fld ne "" } { if { ![string is digit $fld] } { log local0. "invalid fld value, rejecting from [IP::client_addr]" HTTP::respond 400 content "Bad Request" "Content-Type" "text/html" "Connection" "close" } } }
Kevin_Stewart
Employee
EmployeeThe following accounts for a POST request where the payload is URL encoded or XML:
when HTTP_REQUEST {
if { [HTTP::method] eq "POST" } {
## Trigger collection for up to 1MB of data
if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576 }{
set content_length [HTTP::header "Content-Length"]
} else {
set content_length 1048576
}
## Check if $content_length is not set to 0
if { $content_length > 0 } {
HTTP::collect $content_length
}
}
}
when HTTP_REQUEST_DATA {
set fld ""
if { [HTTP::payload] contains "fld=" } {
foreach x [split [HTTP::payload] "&"] {
if { $x starts_with "fld=" } {
set fld [lindex [split $x "="] 1]
continue
}
}
} elseif { [HTTP::payload] contains "<fld>" } {
set fld [findstr [HTTP::payload] "<fld>" 5 "</fld>"]
}
if { $fld ne "" } {
if { ![string is digit $fld] } {
log local0. "invalid fld value, rejecting from [IP::client_addr]"
HTTP::respond 400 content "Bad Request" "Content-Type" "text/html" "Connection" "close"
}
}
}